class UsersController < ApplicationController
  include AuthenticatedSystem
  
  # Protect these actions behind an admin login
  # before_filter :admin_required, :only => [:suspend, :unsuspend, :destroy, :purge]
  before_filter :login_required, :except => [:new, :create]
  before_filter :find_user, :only => [:suspend, :unsuspend, :destroy, :purge]
  before_filter :body_id, :only => [:index, :manage_users]
				

  def body_id
    @body_id = :users
  end  

  # GET /users/new
  def new
    @user = User.new
  end

  # POST /users
  # POST /users.:format
  def create
    cookies.delete :auth_token
    # protects against session fixation attacks, wreaks havoc with 
    # request forgery protection.
    # uncomment at your own risk
    # reset_session
    @user = User.new(params[:user])
    @user.register! if @user.valid?
	
  	respond_to do |format|
        if @user.errors.empty?
  	    User.enable_registered(@user.id)
          self.current_user = @user
          flash[:notice] = "Thanks for signing up!"
  		format.html { redirect_back_or_default('/') }
  		format.xml { head :ok }
        else
  	    flash[:error] = "Sorry, there was a problem on signing up"
  		format.html { render :action => 'new' }
  		format.xml { render :xml => @user.errors.to_xml }
        end
  	end
  end

  def edit
    @user = User.find_by_id(params[:id])
	
  	if current_user != @user
  	  flash[:error] = "You can't edit this user"
  	  redirect_to :action => "show", :id => @user
  	end
  end
  
  # GET /users
  # GET /users.:format
  def index
    @users = User.find :all, :order => :name
    respond_to do |format|
  	  format.html
  	  format.xml { render :xml => @users.to_xml }
  	end
  end

  # GET /users/:id
  # GET /users/:id.:format
  def show
    @user = User.find params[:id]

  	respond_to do |format|
  	  format.html
  	  format.xml { render :xml => @user.to_xml }
  	end
  end
  
  # PUT /users.:id
  # PUT /users.:id.:format
  def update
    @user = User.find params[:id]
	
  	respond_to do |format|
  	  if @user.update_attributes(params[:user])
  	    flash[:notice] = 'Success on saving your information'
    		format.html { redirect_to :action => 'show', :id => @user }
    		format.xml { head :ok }
  	  else
  	    flash[:error] = "Sorry, can't update your information"
    		format.html { render :action => 'edit' }
    		format.xml { head :xml => @user.errors.to_xml }
  	  end
  	end
  end
  
  
  def manage_users
    if !User.can_update_users(current_user)
  	  flash[:error] = "You can't manage users"
  	  redirect_back_or_default(home_path)
  	end
	
    @users = User.find(:all, :order => :name)
  end

  ###################################################
  # Roles actions
  ###################################################  
  def enable_admin
    User.enable_administration params[:id]
    render_users_management
  end
  
  def disable_admin
    User.disable_administration params[:id]
    render_users_management
  end
  
  def enable_editor
  	User.enable_editorship params[:id]
  	render_users_management
  end
  
  def disable_editor
    User.disable_editorship params[:id]
  	render_users_management
  end
  
  def enable_author
  	@program = Program.find params[:program_id]
  	User.enable_program_authorship params[:user_id], @program
  	
  	render_authors_management @program
  end
  
  def disable_author
  	@program = Program.find params[:program_id]
  	User.disable_program_authorship params[:user_id], @program
  	
  	render_authors_management @program
  end
  
  ###################################################


  def activate
    self.current_user = params[:activation_code].blank? ? false : User.find_by_activation_code(params[:activation_code])
    if logged_in? && !current_user.active?
      current_user.activate!
      flash[:notice] = "Signup complete!"
    end
    redirect_back_or_default('/')
  end

  def suspend
    @user.suspend! 
    redirect_to users_path
  end

  def unsuspend
    @user.unsuspend! 
    redirect_to users_path
  end

  def destroy
    @user.delete!
    redirect_to users_path
  end

  def purge
    @user.destroy
    redirect_to users_path
  end

protected
  def find_user
    @user = User.find(params[:id])
  end
  
  def render_users_management
    @users = User.find :all, :order => :name
    render :partial => 'list_management', :locals => { :users => @users }
  end
  
  def render_authors_management(program)
    @users = User.find :all, :order => :name
    render :partial => 'shared/authors_by_program', :locals => { :program => program, :users => @users }
  end
end
